tewv2_240405[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

tewv2_240405.zip
Size

177KB
MD5

d22bdd5935cc890bb920b2963fadcebe
SHA1

665318650c8a54cb6de1f39facde0ebf6cd02226
SHA256

0745e632f08d74e7aefc4359ef901a53258766180048fee75c893fc57dc7ccd0
SHA512

877a49a668ed4fb1aec069d2b679132d1d8079f38b8947ac1edc422bbf54faccf3b3b1d3ebe7b14322e73564438d9bfc8b0e6e9d1bab8bf2475dd378f06b370b
SSDEEP

3072:AAtzSQWSgGBJicuG7Ej1tY/85IC+6Ei4utACogonWYBICGE71gBnxf:AAJjDXicuGu1t7bci4UAXWS2t

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lib/tewv32.dll
unpack001/lib/tewv64.dll

Files

tewv2_240405.zip
.zip
lib/tewv32.dll
.dll regsvr32 windows:6 windows x86 arch:x86

f4d1247cd465f079c1703da52e6cc85b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
CloseHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapReAlloc
GetFileAttributesW
CreateFileW
lstrcmpiW
lstrcpyW
lstrcatW
OutputDebugStringW
GetLastError
GetTempPathW
GetModuleFileNameW
OutputDebugStringA
DecodePointer
lstrlenW
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
WriteConsoleW

user32

ReleaseDC
GetClientRect
ClientToScreen
CopyRect
FindWindowExW
GetDC

gdi32

GetDeviceCaps

advapi32

RegGetValueW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegCloseKey
RegOpenKeyExA
RegQueryValueExW

shell32

SHGetPathFromIDListW

ole32

CLSIDFromString
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
RevokeDragDrop

oleaut32

VariantClear
VariantChangeType
SafeArrayAccessData
SafeArrayRedim
SafeArrayDestroy
VariantInit
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
SafeArrayCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayPutElement
VariantCopy
SafeArrayUnaccessData
SafeArrayCreate
SysAllocStringLen

shlwapi

PathAppendW
PathFindFileNameW
ord219

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/tewv64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

c5e62ddcecb43c2253ac2b542e812753

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
CloseHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapReAlloc
GetFileAttributesW
CreateFileW
lstrlenW
lstrcatW
lstrcpyW
lstrcmpiW
GetModuleFileNameW
GetLastError
OutputDebugStringW
OutputDebugStringA
WriteConsoleW
GetTempPathW
HeapSize
SetStdHandle
SetFilePointerEx
GetStringTypeW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapAlloc
HeapFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW

user32

GetDC
ReleaseDC
GetClientRect
ClientToScreen
FindWindowExW
CopyRect

gdi32

GetDeviceCaps

advapi32

RegGetValueW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryValueExW
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListW

ole32

RegisterDragDrop
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc
RevokeDragDrop

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen

shlwapi

ord219
PathAppendW
PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4d1247cd465f079c1703da52e6cc85b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

c5e62ddcecb43c2253ac2b542e812753

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB